Security Incidents mailing list archives

Re: clean binaries


From: Tim Walberg <tewalberg () mediaone net>
Date: Tue, 7 Nov 2000 14:59:39 -0600

I don't know that it's necessarily "the best" way, but
the approach I would take would be to build a new system,
then burn a CD with the contents of /sbin, /usr/sbin,
/bin, and /usr/bin, and possibly stuff from /usr/local
or some other locations (you'll have to determine on
your own what you would need). I'd probably also
download a few additional tools that would be useful
for forensic or post-mortem analysis and put them on
the disk too. If you were feeling more ambitious, you
could put everything you needed to make the disc bootable
on it, so you could boot off CD for post-mortem analysis
(then mount file systems r/o, etc.).

Not necessarily the most well thought out plan, but
it should give you somewhere to start...

                                tw

On 11/06/2000 13:40 -0500, pW wrote:
     Hello all...
     
     What is the best way to make a disk full of clean binaries so that should
     a machine be compromised you can use system binaries that you know are
     clean as opposed to using the ones on the system that may be
     compromised. Basically I am looking for the best way to get a CD full of
     binaries such as ifconfig, ps, login, and so on... the systems are already
     in production so I would prefer getting them from somewhere else because I
     don't want to assume that these systems are completely clean.
     
     Is it best to get these from the installation media that was used to
     install all of the systems?
     
     any help would be appreciated!
     
     thanks
     
     shawn
End of included message



-- 
+--------------------------+------------------------------+
| Tim Walberg              | tewalberg () mediaone net       |
| 828 Marshall Ct.         | www.concentric.net/~twalberg |
| Palatine, IL 60074       |                              |
+--------------------------+------------------------------+
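
One way to script the staging step described in the message above, as an added example that is not part of the original post. The checksum manifest, the function names and the `MANIFEST.sha256` file name are assumptions that go beyond what the message describes, and `sha256sum` from GNU coreutils is assumed to be available on the freshly built system.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).
# Run on the freshly built system, never on the suspect one.

# stage_clean_bins SRC_ROOT STAGE_DIR [DIR...]
# Copies the binary directories into STAGE_DIR and writes a SHA-256
# manifest next to them, so the burned disc can be checked later.
stage_clean_bins() {
    src_root=$1; stage=$2; shift 2
    # Default to the directories named in the message.
    [ $# -gt 0 ] || set -- sbin usr/sbin bin usr/bin
    mkdir -p "$stage" || return 1
    for d in "$@"; do
        [ -d "$src_root/$d" ] || continue        # skip directories that do not exist
        mkdir -p "$stage/$d" || return 1
        # -R recurse, -P keep symlinks as symlinks, -p keep modes and timestamps
        cp -RPp "$src_root/$d/." "$stage/$d/" || return 1
    done
    # Relative paths in the manifest keep it valid wherever the disc is mounted.
    ( cd "$stage" &&
      find . -type f ! -name MANIFEST.sha256 -exec sha256sum {} + |
      sort -k 2 > MANIFEST.sha256 )
}

# verify_clean_bins DIR
# Returns 0 if every file under DIR still matches the manifest, 1 if any
# file fails (failures are printed to stderr), 2 if the manifest is missing.
verify_clean_bins() {
    [ -f "$1/MANIFEST.sha256" ] || return 2
    bad=$(cd "$1" && sha256sum -c MANIFEST.sha256 2>/dev/null |
          grep -v ': OK$' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" >&2
    return 1
}

# Typical use on the clean build host (paths are examples):
#   stage_clean_bins / /tmp/cleancd
#   verify_clean_bins /tmp/cleancd      # before burning
#   verify_clean_bins /mnt/cdrom        # after mounting the burned disc
```

Copy any extra forensic tools into the staging directory before calling `stage_clean_bins`, or re-run it afterwards, so they are covered by the manifest too.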
